I am coding a website in C#.NET and would like to remove the Server information contained in HTTP response headers. I am running Windows 7 and running IIS 7.5.
Now I have two problems. The first problem is that whenever I use HttpFox to get the response headers, the server is listed as ASP.NET Development Server 10 instead of IIS 7.5.
The second problem is that I cannot remove the Server part. I tried installing URLScan and modifying the RemoveServerHeader configuration to 1 so that it is hidden. I tried stopping the HTTP response header service from IIS. I tried to alter it programmatically by following this article “Remove HTTP response headers to hide your framework” and others which are similar. However, whenever I run the website with HttpFox, the server part remains unchanged.
What can I do to solve this problem please? This is very important as it is part of my dissertation.
Any help is greatly appreciated 🙂
There are 2 places where headers are being added: IIS, and your ASP.NET or WCF, etc. app side.
Not sure about the Visual Studio built-in web server, but yeah, that won’t be used in production anyway, so why bother?
You can also configure your web project in Visual Studio to use local IIS or IIS Express instead of the VS built-in one (see Properties / Web tab).
And you can remove the IIS side headers from IIS admin GUI.
As for ASP.NET, you can hook into the PreSendRequestHeaders event handler and see what’s there and remove it if you would like to.
Similarly in WCF, you have the option to remove response headers, but in a different way (message interceptor).
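
An added example (not code from either post above) of the PreSendRequestHeaders approach the answer mentions, written as an ASP.NET `IHttpModule`. The namespace and class name are hypothetical, and it assumes the site runs under IIS in integrated pipeline mode, since `HttpResponse.Headers` is not supported by other hosts.

```csharp
using System;
using System.Web;

// Hypothetical namespace and class name, chosen for this example only.
namespace ExampleSite
{
    // Register under <system.webServer><modules> in web.config, e.g.
    //   <add name="RemoveServerHeaderModule"
    //        type="ExampleSite.RemoveServerHeaderModule" />
    // Leaving out preCondition="managedHandler" lets the module also
    // run for static files, not only for requests handled by ASP.NET.
    public class RemoveServerHeaderModule : IHttpModule
    {
        // Headers stripped from every response. "Server" is the one the
        // question asks about; "X-AspNet-Version" is the version header
        // that ASP.NET itself adds.
        private static readonly string[] HeadersToRemove =
        {
            "Server",
            "X-AspNet-Version"
        };

        public void Init(HttpApplication application)
        {
            // Raised just before ASP.NET sends the headers to the client.
            application.PreSendRequestHeaders += OnPreSendRequestHeaders;
        }

        private static void OnPreSendRequestHeaders(object sender, EventArgs e)
        {
            // HttpResponse.Headers throws PlatformNotSupportedException
            // outside the IIS integrated pipeline, so skip the work there
            // instead of failing the request.
            if (!HttpRuntime.UsingIntegratedPipeline)
            {
                return;
            }

            var application = (HttpApplication)sender;
            foreach (string name in HeadersToRemove)
            {
                // Remove is a no-op when the header is not present.
                application.Response.Headers.Remove(name);
            }
        }

        public void Dispose()
        {
            // No unmanaged resources to release.
        }
    }
}
```

Check the result with a header viewer against the site hosted in IIS or IIS Express rather than the Visual Studio built-in server, because the guard above makes the module do nothing outside the integrated pipeline.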